CN105391628B - Data communication system and data transferring method - Google Patents

Publication number: CN105391628B
Authority: CN (China)
Prior art keywords: data, information, control device, transmission, interchanger
Legal status: Active
Application number: CN201510514811.8A
Other languages: Chinese (zh)
Other versions: CN105391628A (en)
Inventors: 渡边千次, 宫田宏
Current Assignee: Yokogawa Electric Corp
Original Assignee: Yokogawa Electric Corp

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L49/00 Packet switching elements
    • H04L49/25 Routing or path finding in a switch fabric
    • H04L49/253 Routing or path finding in a switch fabric using establishment or release of connections between ports
    • H04L49/254 Centralised controller, i.e. arbitration or scheduling
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08 Configuration management of networks or network elements
    • H04L41/0803 Configuration setting
    • H04L41/0806 Configuration setting for initial configuration or provisioning, e.g. plug-and-play
    • H04L41/0813 Configuration setting characterised by the conditions triggering a change of settings
    • H04L41/0895 Configuration of virtualised networks or elements, e.g. virtualised network function or OpenFlow elements
    • H04L41/34 Signalling channels for network management communication
    • H04L41/342 Signalling channels for network management communication between virtual entities, e.g. orchestrators, SDN or NFV entities
    • H04L45/00 Routing or path finding of packets in data switching networks
    • H04L45/02 Topology update or discovery
    • H04L45/021 Ensuring consistency of routing table updates, e.g. by using epoch numbers
    • H04L45/54 Organization of routing tables

Abstract

A data communication system has a switch and a control device. The switch transfers data from a source to a destination by referring to a table that associates 1st information, which indicates a condition on received data, with 2nd information, which indicates the processing to perform when that condition is met. The control device has: a configuration unit that sets a temporary table in the switch, the temporary table storing 2nd information for outputting data that meets the condition indicated by the 1st information to the control device; an acquisition unit that obtains path information indicating the path between the source and the destination; and an update unit that updates the temporary table to a table in which, on the basis of the path information, the output destination of data meeting the condition indicated by the 1st information has been changed.

Description

Data communication system and data transferring method
Technical field
The present invention relates to a data communication system, a data transfer method, a control device, a control method, and a non-transitory computer-readable storage medium.
This application claims priority from Japanese Patent Application No. 2014-173153, filed on August 27, 2014, the content of which is incorporated herein.
Background technique
In general, the network devices (such as switches) that make up a network have an access control list (ACL: Access Control List) and control the transfer of data by referring to the content of that access control list. Abstract content (for example, the destination address or the port number of the software) can be set in the access control list regardless of the specific structure of the network. The content of such an access control list can be set with, for example, the Linux (registered trademark) command "iptables".
In recent years, a technology called OpenFlow has come into use in order to realize complex transfer control and flexible changes to network structure. OpenFlow is a technology developed on the basis of the "Software-Defined Network" concept of controlling a network through programming. In OpenFlow, the network devices that make up a network are separated into path control devices (OFC: OpenFlow Controller) and data transfer devices (OFS: OpenFlow Switch). The path control device centrally manages the flow tables (Flow Table) set in the data transfer devices, and transfer control is performed in this way.
Here, the flow table used in OpenFlow can describe the access control list mentioned above. A flow table is a table that stores, in association with each other, information such as the condition (match) for transfer control and the processing (Action) to perform when the condition is met. Japanese Unexamined Patent Application Publication No. 2007-74383 discloses an example of prior art that performs transfer control by referring to an access control list.
However, in environments such as plants, which are regarded as critical infrastructure, there is a requirement to strictly control communication carried out over the network in order to ensure security. For example, control using a whitelist is required. In whitelist-based control, basically all communication is refused, and only the communication of specific applications between explicitly indicated specific devices is allowed.
Here, as described above, a network device that performs transfer control using an access control list (hereinafter, "existing network device") can have abstract content, such as the destination address, set in its access control list. Therefore, even if the network administrator does not know the specific structure of the network, the access control list can be written as a whitelist and strict transfer control can be performed.
However, the access control list of an existing network device must be set using commands that depend on the vendor and model of the network device. Therefore, in a network that uses network devices from various vendors, the access control list must be set using the commands appropriate to each device being configured. This leads to the following problem: cumbersome management is needed, and it is difficult to perform strict transfer control in a timely manner.
In contrast, for network devices that conform to the OpenFlow standard described above, flow tables can be set using a unified protocol. Management is therefore considered to be simpler, because commands that depend on the model of the network device are not used. Even in a network that mixes network devices from various vendors, strict transfer control can be performed in a timely manner.
However, a flow table must be described on the basis of the specific structure of the network. For example, when the processing (Action) to perform on a match is the transfer (output) of data, the flow table must describe the physical port of the data transfer device from which the data is output. This leads to the following problem: if the network administrator does not know the specific structure (specific connection state) of the network in advance, the flow table cannot be created.
In addition, when network devices conforming to the OpenFlow standard are introduced into a network made up of existing network devices, a situation is conceivable in which existing network devices and OpenFlow-conformant network devices are mixed.
In that situation, each kind of network device needs different management, so there is the problem that management becomes even more cumbersome.
Summary of the invention
A data communication system has: a switch that transfers data from a source to a destination by referring to a table that associates 1st information, which indicates a condition on received data, with 2nd information, which indicates the processing to perform when that condition is met; and a control device that sets a temporary table in the switch, the temporary table storing 2nd information for outputting data that meets the condition indicated by the 1st information to the control device, obtains path information indicating the path between the source and the destination, and updates the temporary table to a table in which, on the basis of the path information, the output destination of data meeting the condition indicated by the 1st information has been changed.
Brief description of the drawings
Fig. 1 is a block diagram showing the main part of the data communication system according to the 1st embodiment of the present invention.
Fig. 2 is a diagram showing an example of the temporary flow table used in the 1st embodiment of the present invention.
Fig. 3 is a diagram showing an example of the flow table used in the 1st embodiment of the present invention.
Fig. 4 is a timing diagram showing an example of the operation of the data communication system according to the 1st embodiment of the present invention.
Fig. 5 is a diagram illustrating a process control system to which the data communication system according to the 1st embodiment of the present invention is applied.
Fig. 6 is a block diagram showing the main part of the data communication system according to the 2nd embodiment of the present invention.
Fig. 7 is a diagram showing the processing, executed by the converter according to the 2nd embodiment of the present invention, that creates the flow table and the access control list.
Fig. 8 is a block diagram showing the main structure of the OFS used in the data communication system according to the 3rd embodiment of the present invention.
Fig. 9 is a diagram showing a variation of the OFS used in the data communication system according to the embodiments of the present invention.
Specific embodiment
Other features and aspects of the present invention will become clearer from the attached drawings and the detailed description of the embodiments below.
Embodiments of the present invention are described with reference to preferred embodiments. Those skilled in the art can use the teaching of the present invention to realize many alternatives to the present embodiments, and the present invention is not limited to the preferred embodiments described here.
An aspect of the present invention provides a data communication system, a data transfer method, a control device, a control method and a non-transitory computer-readable storage medium that can perform strict transfer control in a timely manner even if the network administrator does not know in advance the specific structure of the network or the specific constituent devices replaced over time.
Below, the data communication system and method according to embodiments of the present invention are described in detail with reference to the drawings.
[the 1st embodiment]
Fig. 1 is a block diagram showing the main part of the data communication system according to the 1st embodiment of the present invention. As shown in Fig. 1, the data communication system 1 of this embodiment has OFS (OpenFlow Switch: transfer device) 11 and 12 and an OFC (OpenFlow Controller: control device) 20. OFC 20 has a configuration unit 21, an acquisition unit 22 and an update unit 23. Under the control of OFC 20, OFS 11 and 12 transfer data sent from a source to a destination. For ease of understanding, Fig. 1 shows a data communication system 1 with 2 OFS (11 and 12), but the number of OFS provided in the data communication system 1 is arbitrary.
Below, for ease of understanding, host H1 is the source of the data and host H2 is the destination of the data. Host H1 is a DNS (Domain Name System) client assigned the IP (Internet Protocol) address "10.0.0.9". Host H2 is a DNS server assigned the IP address "10.0.0.1". Hosts H1 and H2 are realized by, for example, notebook computers, desktop computers, tablet computers or other computers.
OFS 11 and 12 have multiple physical ports P1 to P12. OFS 11 and OFS 12 transfer the data they receive under the control of OFC 20. Specifically, OFS 11 and 12 store the flow tables (FlowTable) TB1 and TB2 (tables: see Fig. 2 and Fig. 3), which are centrally managed by OFC 20, in a memory (not shown). OFS 11 and OFS 12 refer to flow tables TB1 and TB2 and transfer data using a transfer unit (not shown). Flow tables TB1 and TB2 are described in detail below.
As shown in Fig. 1, host H1 is connected to physical port P1 of OFS 11, host H2 is connected to physical port P6 of OFS 12, and physical port P12 of OFS 11 and physical port P7 of OFS 12 are connected to each other. A network N1 for data transfer is thereby built between host H1 and host H2. OFS 11 and 12 are connected to OFC 20 via control ports (not shown) that are separate from physical ports P1 to P12. A network N2 for OpenFlow control is thereby built. The number of physical ports provided on OFS 11 and 12 is arbitrary.
OFC 20 centrally manages the flow tables TB1 and TB2 used by OFS 11 and 12, and thereby controls the transfer of data over network N1. Specifically, when the path between hosts H1 and H2 is unknown, the configuration unit 21 of OFC 20 sets the temporary flow table TB0 (temporary table: see Fig. 2), which is stored in a memory (not shown), in OFS 11 and 12 as flow tables TB1 and TB2 respectively, and data transfer is controlled using a control unit (not shown). When the acquisition unit 22 of OFC 20 obtains path information indicating the path between hosts H1 and H2, the update unit 23 of OFC 20 updates the temporary flow table TB0 to flow tables TB1 and TB2 (see Fig. 3), whose content has been updated on the basis of that path information, and data transfer is controlled in this way. OFC 20 sets and updates the temporary flow table TB0 in this way so that it can perform strict whitelist-style transfer control in a timely manner even if the network administrator does not know the specific structure of network N1 in advance.
Next, the flow tables managed by OFC 20 are described. Fig. 2 is a diagram showing an example of the temporary flow table used in the 1st embodiment of the present invention. Fig. 3 is a diagram showing an example of the flow table used in the 1st embodiment of the present invention. As shown in Fig. 2 and Fig. 3, in the temporary flow table TB0 and in flow tables TB1 and TB2, each entry identified by an entry number (ID) has a field that stores the priority (Priority), a field that stores the condition for transfer control (match: 1st information), and a field that stores the processing to perform when the condition is met (Action: 2nd information). The priority sets the precedence of the entry: the larger the priority value stored in an entry, the more preferentially that entry is processed.
In the temporary flow table TB0 illustrated in Fig. 2, 2 entries with priority set to "1000" are provided. In the entry with ID "1", the following information is stored as the condition and the processing.
[Condition]
Source address (SADDR) = "any"
Destination address (DADDR) = "10.0.0.1"
Protocol (PROTOCOL) = "UDP (User Datagram Protocol)"
Source port number (SPORT) = "any"
Destination port number (DPORT) = "53 (the port number used by DNS)"
[Processing]
· output
Physical port (Port) = "Ctrl"
In the entry with ID "2", the following information is stored as the condition and the processing.
[Condition]
Source address (SADDR) = "10.0.0.1"
Destination address (DADDR) = "any"
Protocol (PROTOCOL) = "UDP"
Source port number (SPORT) = "53"
Destination port number (DPORT) = "any"
[Processing]
· output
Physical port (Port) = "Ctrl"
That is, the entry with ID "1" stores, as the condition, "UDP data (datagram) whose destination is port 53 of host H2" and, as the processing, "output to the control port (Ctrl) (not shown)". The entry with ID "2" stores, as the condition, "UDP data (datagram) whose source is port 53 of host H2" and, as the processing, "output to the control port (not shown)". In other words, the temporary flow table TB0 stores information indicating that data meeting the condition should be output to OFC 20, which is connected to the control ports (not shown) provided on OFS 11 and 12.
In flow tables TB1 and TB2 illustrated in Fig. 3, 2 entries with priority set to "1000" and 2 entries with priority set to "2000" are provided. The 2 entries with priority "1000" in flow tables TB1 and TB2 (the entries with ID "1" and "2") store the same information as the 2 entries (ID "1" and "2") in the temporary flow table TB0.
In one of the entries with priority set to "2000" in flow table TB1 (the entry with ID "3"), the following information is stored as the condition and the processing.
[Condition]
Source address (SADDR) = "10.0.0.9"
Destination address (DADDR) = "10.0.0.1"
Protocol (PROTOCOL) = "UDP"
Source port number (SPORT) = "any"
Destination port number (DPORT) = "53"
[Processing]
· output
Physical port (Port) = "12"
In the other entry with priority set to "2000" in flow table TB1 (the entry with ID "4"), the following information is stored as the condition and the processing.
[Condition]
Source address (SADDR) = "10.0.0.1"
Destination address (DADDR) = "10.0.0.9"
Protocol (PROTOCOL) = "UDP"
Source port number (SPORT) = "53"
Destination port number (DPORT) = "any"
[Processing]
· output
Physical port (Port) = "1"
That is, the entry with ID "3" in flow table TB1 stores, as the condition, "UDP data (datagram) whose source is host H1 and whose destination is port 53 of host H2" and, as the processing, "output to physical port P12". The entry with ID "4" in flow table TB1 stores, as the condition, "UDP data (datagram) whose source is port 53 of host H2 and whose destination is host H1" and, as the processing, "output to physical port P1". In other words, flow table TB1 stores information indicating which of the physical ports P1 to P12 provided on OFS 11 the data should be output from according to the actual path between hosts H1 and H2.
As with flow table TB1, the entry with ID "3" in flow table TB2 stores, as the condition, "UDP data (datagram) whose source is host H1 and whose destination is port 53 of host H2" and, as the processing, "output to physical port P6". The entry with ID "4" in flow table TB2 stores, as the condition, "UDP data (datagram) whose source is port 53 of host H2 and whose destination is host H1" and, as the processing, "output to physical port P7". In other words, flow table TB2 stores information indicating which of the physical ports P1 to P12 provided on OFS 12 the data should be output from according to the actual path between hosts H1 and H2.
In flow tables TB1 and TB2 illustrated in Fig. 3, the 2 entries with priority set to "2000" (the entries with ID "3" and "4") are processed in preference to the 2 entries with priority set to "1000" (the entries with ID "1" and "2"). Therefore, when flow tables TB1 and TB2 illustrated in Fig. 3 are used, data is transferred according to the actual path between hosts H1 and H2.
Next, the operation of the data communication system 1 with the above structure is described. Fig. 4 is a timing diagram showing an example of the operation of the data communication system according to the 1st embodiment of the present invention. The processing shown in Fig. 4 starts, for example, when network N1 is newly built, when network N1 has been changed, or when there is an instruction from the administrator of network N1.
When processing starts, OFC 20 first sends a message (Flow_Mod message) to OFS 11 and 12 via network N2 and registers the conditions for communication permitted over network N1, that is, the whitelist (step S10). Specifically, OFC 20 sets the temporary flow table TB0 shown in Fig. 2 (the table storing information indicating that data meeting the condition should be output to OFC 20) in OFS 11 and 12 as flow tables TB1 and TB2 respectively.
When the above processing is finished, host H1, the DNS client, broadcasts an ARP (Address Resolution Protocol) request in order to obtain the MAC (Media Access Control) address of host H2, the DNS server (step S11). The ARP request broadcast by host H1 is received by OFS 11, output to the control port (Ctrl) (not shown) according to a predefined rule, and sent to OFC 20 via network N2 as a message (Packet_In message) (step S12).
The message (Packet_In message) sent from OFS 11 contains information identifying the OFS and port to which host H1, which broadcast the ARP request, is connected. OFC 20 therefore records information indicating the connection position of host H1 (information indicating that host H1 is connected to physical port P1 of OFS 11) (step S13).
On receiving the message (Packet_In message) from OFS 11, OFC 20 sends a message (a Flood message indicating that the ARP request should be broadcast) to OFS 11 and 12 via network N2 (step S14). This processing is performed because it is not known which of OFS 11 and 12 the destination of the ARP request, host H2, is connected to. As a result, OFS 11 and 12 broadcast the ARP request from all physical ports whose connection relationship is unknown (physical ports P2 to P11 of OFS 11 and physical ports P1 to P6 and P8 to P12 of OFS 12) (step S15).
When the above processing is performed, host H2, which is connected to physical port P6 of OFS 12, receives the ARP request from host H1. Host H2 then sends an ARP reply, the response to the ARP request, to OFS 12 (step S16). After receiving the ARP reply sent from host H2, OFS 12 sends a message (Packet_In message) to OFC 20 via network N2 (step S17).
The message (Packet_In message) sent from OFS 12 contains information identifying the OFS and port to which host H2, which sent the ARP reply, is connected. OFC 20 therefore records information indicating the connection position of host H2 (information indicating that host H2 is connected to physical port P6 of OFS 12) (step S18).
On receiving the message (Packet_In message) from OFS 12, OFC 20 sends a message (Packet_Out message) to OFS 11 via network N2 (step S19). This processing is performed because it is known from the processing of step S13 that host H1, the destination of the ARP reply, is connected to physical port P1 of OFS 11.
When OFS 11 receives the message (Packet_Out message) sent from OFC 20, OFS 11 outputs the ARP reply from physical port P1 (step S20). Host H1, which is connected to physical port P1 of OFS 11, thereby receives the ARP reply from host H2 and obtains the MAC address of host H2, the DNS server.
When the above processing is finished, host H1, the DNS client, sends a data packet (DNS query) to host H2, the DNS server (step S21). Host H1 performs this processing, for example, in order to query the IP address of another host (not shown) connected to network N1.
On receiving the DNS query from host H1, OFS 11 performs transfer processing with reference to flow table TB1 (the temporary flow table TB0 shown in Fig. 2). The DNS query sent from host H1 is "UDP data (datagram) whose destination is port 53 of host H2" and meets the condition stored in the entry with ID "1" in the temporary flow table TB0 shown in Fig. 2. Therefore, following the processing stored in the entry with ID "1" in the temporary flow table TB0 shown in Fig. 2, OFS 11 outputs the DNS query from host H1 from the control port (Ctrl) (not shown) as a message (Packet_In message).
The message (Packet_In message) output from the control port (not shown) of OFS 11 is sent to OFC 20 via network N2 (step S22). On receiving the message (Packet_In message) from OFS 11, OFC 20 performs processing to find the path from host H1 to host H2. OFC 20 knows the connection positions of hosts H1 and H2 from the processing of steps S13 and S18 but does not know the path between those connection positions, so it performs this processing.
When it has found the path from host H1 to host H2, OFC 20 sends a message (Flow_Mod message) to OFS 11 and 12 via network N2. OFC 20 then registers flow tables that reflect the path from host H1 to host H2 (step S23). Specifically, OFC 20 updates the temporary flow table TB0 (see Fig. 2), which was set in OFS 11 and 12 as flow tables TB1 and TB2, to the flow tables TB1 and TB2 shown in Fig. 3, to each of which the entry with ID "3" has been added.
The entries newly added to flow tables TB1 and TB2 shown in Fig. 3 (the entries with ID "3") are given a higher priority than the original entries (the entries with ID "1" and "2"). Therefore, after OFC 20 has updated the temporary flow table TB0, OFS 11 and 12 give precedence to the newly added entries (the entries with ID "3") in flow tables TB1 and TB2 when transferring data.
On receiving the message (Packet_In message) from OFS 11, OFC 20 sends a message (Packet_Out message) to OFS 11 via network N2 (step S24). Because the temporary flow table TB0 was updated in step S23 to flow tables TB1 and TB2, which reflect the path from host H1 to host H2, this processing is performed on OFS 11 so that the DNS query from host H1 is transferred to host H2.
On receiving the message (Packet_Out message) from OFC 20, OFS 11 performs transfer processing with reference to flow table TB1. The DNS query contained in the message from OFC 20 is "UDP data (datagram) whose source is host H1 and whose destination is port 53 of host H2" and meets the condition stored in the entry with ID "3" in flow table TB1 shown in Fig. 3. Therefore, following the processing stored in the entry with ID "3" in flow table TB1 shown in Fig. 3, OFS 11 outputs the DNS query to physical port P12 (step S25).
The DNS query output from OFS 11 is input to physical port P7 of OFS 12 and received by OFS 12. On receiving the DNS query from OFS 11, OFS 12 performs transfer processing with reference to flow table TB2. The DNS query contained in the message from OFS 12 meets the condition stored in the entry with ID "3" in flow table TB2 shown in Fig. 3. Therefore, following the processing stored in the entry with ID "3" in flow table TB2 shown in Fig. 3, OFS 12 outputs the DNS query to physical port P6 (step S26). Host H2, which is connected to physical port P6 of OFS 12, thereby receives the DNS query from host H1.
Through the processing of step S23 above, flow tables TB1 and TB2, which reflect the path from host H1 to host H2, are set in OFS 11 and 12 respectively. Therefore, when host H1 sends DNS queries afterwards, no message is sent to OFC 20, and OFS 11 and 12 each perform transfer processing with reference to flow tables TB1 and TB2. DNS queries from host H1 are thereby sent to host H2 via network N1 (steps S27 to S29).
Although not illustrated in Fig. 4, when host H2 receives the DNS query from host H1, host H2 sends a DNS response to host H1. When this DNS response is sent, the same processing as steps S11 to S26 shown in Fig. 4 is performed, except that hosts H1 and H2 in Fig. 4 are swapped, OFS 11 and 12 are swapped, and "DNS Query" in Fig. 4 is replaced with "DNS Response". If host H2 obtained the MAC address of host H1 when it received the ARP request from host H1, the processing corresponding to steps S11 to S20 can be omitted.
When the DNS response is sent from host H2, processing corresponding to step S23 shown in Fig. 4 is performed, whereby the entry with ID "4" shown in Fig. 3 is added to flow tables TB1 and TB2 set in OFS 11 and 12. As a result, OFS 12 outputs the DNS response from host H2 to physical port P7 based on flow table TB2. OFS 11, in turn, outputs the DNS response from OFS 12 to physical port P1 based on flow table TB1. In this way, the DNS response from host H2 is delivered to host H1 via network N1.
If hosts H1 and H2 leave network N1, OFS 11 and 12 send information indicating that hosts H1 and H2 have left network N1 to OFC 20 via network N2. On receiving this information, OFC 20 sends a control signal to OFS 11 and 12 via network N2. The control signal is a signal for deleting the information associated with hosts H1 and H2 that have left network N1.
As described above, in the present embodiment, when the path between hosts H1 and H2 is unknown, OFC 20 sets the temporary flow table TB0 in OFS 11 and 12. When path information indicating the path between hosts H1 and H2 is obtained, OFC 20 updates the temporary flow table TB0 to flow tables TB1 and TB2, whose contents have been updated based on that path information, and thereby carries out transfer control of the data.
The temporary flow table TB0 is a flow table that defines a condition for received data and processing that outputs data satisfying the condition to OFC 20.
Therefore, in the present embodiment, even if the network administrator does not know the specific structure of network N1 in advance, strict white-list-style transfer control can be carried out in a timely manner.
Another conceivable method is for OFS 11 and 12 to ask OFC 20 for the processing rule for data that does not satisfy any condition, without using the temporary flow table TB0. With that method, however, if a malicious person sends a large amount of data that does not satisfy any condition, the data communication system 1 may be disrupted. In the present embodiment, the temporary flow table TB0 defines a condition for received data and processing that outputs data satisfying the condition to OFC 20. This prevents such disruption and improves security.
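The difference between the two approaches can be made concrete with a small simulation. The following is an added example, not code from the patent: the class names, priorities, host H9 and the flood traffic are constructed for illustration, while the DNS flow (host H1 to UDP port 53 of host H2, output on physical port P12 of OFS 11) follows the description above.

```python
from dataclasses import dataclass

CONTROLLER = "CONTROLLER"  # action: output the data to the OFC (Packet_In)
DROP = "DROP"              # action: discard the data at the switch


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    dport: int


@dataclass
class FlowEntry:
    match: Packet   # condition: all four fields must be equal
    action: str     # CONTROLLER or "OUTPUT:<physical port>"
    priority: int


class Switch:
    def __init__(self, name, miss_action):
        self.name = name
        self.miss_action = miss_action  # what happens when no entry matches
        self.table = []
        self.packet_in_count = 0        # load placed on the OFC by this switch

    def lookup(self, pkt):
        hits = [e for e in self.table if e.match == pkt]
        if not hits:
            return self.miss_action
        return max(hits, key=lambda e: e.priority).action

    def receive(self, pkt, ofc):
        action = self.lookup(pkt)
        if action == CONTROLLER:
            self.packet_in_count += 1
            action = ofc.packet_in(self, pkt)
        return action


class Controller:
    TEMP_PRIORITY, PATH_PRIORITY = 10, 20  # assumed values; updated entry ranks higher

    def __init__(self, whitelist, paths):
        self.whitelist = set(whitelist)  # abstract conditions, no ports
        self.paths = paths               # {(switch, destination host): port}

    def set_temporary_table(self, sw):
        # Temporary flow table TB0: white-listed data goes to the OFC.
        for cond in self.whitelist:
            sw.table.append(FlowEntry(cond, CONTROLLER, self.TEMP_PRIORITY))

    def packet_in(self, sw, pkt):
        port = self.paths.get((sw.name, pkt.dst))
        # Assumption of this sketch: data is dropped while the path is unknown.
        if pkt not in self.whitelist or port is None:
            return DROP
        # Update TB0 to an entry that names the physical port (TB1).
        sw.table = [e for e in sw.table if e.match != pkt]
        sw.table.append(FlowEntry(pkt, f"OUTPUT:{port}", self.PATH_PRIORITY))
        return sw.lookup(pkt)            # Packet_Out: forward via updated table


def run_demo(miss_action):
    dns = Packet("H1", "H2", "udp", 53)
    ofc = Controller([dns], {("OFS11", "H2"): "P12"})
    sw = Switch("OFS11", miss_action)
    if miss_action == DROP:              # white-list mode uses TB0
        ofc.set_temporary_table(sw)
    # Constructed flood of data that matches no white-list condition.
    flood = [Packet("H9", "H2", "udp", port) for port in range(1000, 1500)]
    flood_actions = {sw.receive(p, ofc) for p in flood}
    during_flood = sw.packet_in_count
    first = sw.receive(dns, ofc)
    second = sw.receive(dns, ofc)
    return {"flood_actions": flood_actions,
            "packet_in_during_flood": during_flood,
            "packet_in_total": sw.packet_in_count,
            "first": first, "second": second}


if __name__ == "__main__":
    print("temporary flow table:", run_demo(DROP))
    print("query OFC on miss   :", run_demo(CONTROLLER))
```

With the temporary flow table the flood never reaches the OFC and only the first DNS query produces a Packet_In; when every miss is referred to the OFC, each flood packet costs one controller round trip.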
In the embodiment described above, update unit 23 updates the temporary flow table TB0 at the timing at which a DNS query is sent from host H1 to host H2 (see step S23). However, the timing of the processing that updates the temporary flow table TB0 may be the timing at which path information indicating the path between host H1 and host H2 (which may be part of the path) is obtained, or the timing at which some data is first sent from host H1 to host H2 after that path information is obtained.
For example, in the example shown in Fig. 4, the path information indicating the path between hosts H1 and H2 can be determined once the processing of steps S11 to S18 has been performed. Therefore, the following processing (corresponding to the processing of step S23) is possible: at the timing at which the processing of step S18 ends, OFC 20 determines the path information indicating the path between hosts H1 and H2 and updates the temporary flow table TB0. Fig. 4 shows an example in which data is sent and received between hosts H1 and H2 by unicast, but data may also be sent and received between hosts H1 and H2 by multicast. In that case, however, ARP is not transmitted, so the connection ports of hosts H1 and H2 need to be learned using messages such as IGRP (Interior Gateway Routing Protocol).
In the embodiment described above, after the processing of updating the temporary flow table TB0 (the processing of step S23) has been performed, a message (Packet_Out message) is sent from OFC 20 to OFS 11 (step S24), and the DNS query from host H1 is delivered to host H2 through the transfer processing of OFS 11 and 12. Alternatively, the message (Packet_Out message) may be sent to OFS 12 instead of OFS 11, so that the DNS query from host H1 is delivered to host H2 through the transfer processing of OFS 12 alone. This omits the transfer processing by OFS 11 and shortens the time required for data transfer.
Alternatively, where OFS 11 has a memory that temporarily stores data from host H1, OFS 11 may, on receiving the DNS query from host H1, temporarily store the received DNS query in the memory and, in the processing of step S22, send OFC 20 information indicating that the DNS query has been stored in the memory. In this case, after the processing of updating the temporary flow table TB0 (step S23) has been performed, OFS 11 need only perform, based on an instruction from OFC 20 and with reference to flow table TB1, the transfer processing of the DNS query temporarily stored in the memory.
Next, an example in which the data communication system 1 described above is applied to a process control system built in a plant is described. Such plants include, besides industrial plants such as chemical plants, plants that manage and control well sites such as gas fields and oil fields and their surroundings, plants that manage and control power generation such as hydroelectric, thermal, and nuclear power, plants that manage and control environmental power generation such as solar and wind power, and plants that manage and control water supply and drainage, dams, and the like.
Fig. 5A and Fig. 5B are diagrams illustrating a process control system to which the data communication system according to the 1st embodiment of the present invention is applied. Fig. 5A is a diagram illustrating the hierarchical structure of the process control system. Fig. 5B is a diagram illustrating a process control system to which the data communication system is applied. As shown in Fig. 5A, the process control system built in a plant has a hierarchical structure composed of multiple levels (levels 0 to 4). This hierarchical structure is defined, for example, by the international standard IEC/ISO 62264.
Level 4 is the level at which the business of the enterprise, such as its operations, is carried out. Systems such as a core business system (ERP: Enterprise Resource Planning) and a plant asset management system (PAM: Plant Asset Management) are built at level 4. In contrast, levels 0 to 3 are called the industrial control system (ICS: Industrial Control System) levels. Level 3 is the level at which products are manufactured. At levels 0 to 3, control related to products is carried out. Because hazardous materials are sometimes handled, a high degree of security is required.
Specifically, a manufacturing execution system (MES: Manufacturing Execution System), a plant information management system (PIMS: Plant Information Management System), and the like are built at level 3. At levels 1 and 2, a distributed control system (DCS: Distributed Control System) and the like are built, comprising field devices installed in the plant and an FCS (Field Control Station) that controls these field devices.
As described above, levels 0 to 3, which carry out control of the plant, require a high degree of security, so the network built at levels 0 to 3 is basically disconnected from the network built at level 4. From the viewpoint of protecting control communication traffic, the network built at levels 1 and 2 is separated from the network built at level 3.
As shown in Fig. 5B, the data communication system 1 is applied, for example, to level 3: OFS 11 is used as switch SW1 provided between level 2 and level 3, and OFS 12 is used as switch SW2 provided between level 3 and level 4. OFS 11 and 12 constituting the data communication system 1 may also be used as switch SW3, which forms the network built at level 3. In the example shown in Fig. 5B, the network built at level 3 is logically divided into two communication groups G1 and G2.
As shown in Fig. 5B, applying the data communication system 1 to the process control system allows strict white-list-style transfer control to be carried out in a timely manner in the network built at level 3. As a result, strict management is possible not only for data exchanged with other levels (levels 2 and 4) but also for data exchanged within level 3 itself. Such management is possible even when switches SW1 to SW3 are supplied by different vendors (or when switches SW1 to SW3 are of different types), and even when the network administrator does not know in advance the specific structure of the network built at level 3.
[the 2nd embodiment]
Fig. 6 is a block diagram showing the main part of the data communication system according to the 2nd embodiment of the present invention. As shown in Fig. 6, the data communication system 2 of the present embodiment has OFC 40, OFS 31 conforming to the OpenFlow standard, and switches 32 and 33 that do not conform to the OpenFlow standard. Under the control of OFC 40, OFS 31 and switches 32 and 33 transfer data sent from a transmission source to a transmission destination.
That is, in the data communication system 2 of the present embodiment, OFS 31 conforming to the OpenFlow standard and switches 32 and 33 not conforming to the OpenFlow standard are used together in one network. OFC 40 centrally controls OFS 31 and switches 32 and 33. For ease of understanding, Fig. 6 shows a data communication system 2 with one OFS 31 conforming to the OpenFlow standard and two switches 32 and 33 not conforming to the OpenFlow standard, but the number of OFSs and switches provided in the data communication system 2 is arbitrary.
OFS 31 is the same as OFS 11 and 12 shown in Fig. 1. OFS 31 performs data transfer processing with reference to a flow table managed by OFC 40 (a flow table like flow tables TB1 and TB2 shown in Fig. 2 and Fig. 3). Switches 32 and 33 each have an access control list (ACL), not illustrated. Switches 32 and 33 perform data transfer processing with reference to the contents of that access control list. Switch 32 supports Netconf (Network Configuration Protocol), and its access control list is set through communication conforming to Netconf. Switch 33 supports SNMP (Simple Network Management Protocol), and its access control list is set through communication conforming to SNMP.
Like OFC 20 shown in Fig. 1, OFC 40 manages the flow table used in OFS 31 and thereby carries out transfer control of the data transmitted via the network (a network, not illustrated, composed of OFS 31, switches 32 and 33, and so on). OFC 40 differs from OFC 20 shown in Fig. 1 in that, in addition to the flow table used in OFS 31, it also manages the access control lists used in switches 32 and 33.
As shown in Fig. 6, OFC 40 has converter 41 (generating unit) and communication units 42 to 44. Based on the white list WL (condition list) and the device list DL stored in a memory (not illustrated), OFC 40 generates the flow table used in OFS 31 (a table like the temporary flow table TB0 shown in Fig. 2) and the access control lists used in switches 32 and 33. OFC 40 sets the generated flow table and access control lists in OFS 31 and in switches 32 and 33, respectively.
The white list WL is a list that defines the conditions for transfer control of data via the network. Like the conditions in flow tables TB1 and TB2 shown in Fig. 2 and Fig. 3, the white list WL defines abstract content (for example, the addresses of the transmission source and transmission destination, the port numbers of the transmission source and transmission destination, and so on) that does not depend on the specific structure of the network. The device list DL is a list that, for each device connected to the network, associates identification information that identifies the device, information indicating whether the device conforms to the OpenFlow standard, information indicating the protocol used by the device, and so on. The white list WL and device list DL are created, for example, by the network administrator.
Converter 41 reads the white list WL and device list DL from the memory. According to the contents of the white list WL and device list DL, converter 41 generates a flow table suitable for OFS 31 and access control lists suitable for switches 32 and 33. Specifically, converter 41 generates the temporary flow table TB0 for OFS 31 (see Fig. 2). In the temporary flow table TB0, the content defined by the white list WL is specified as the condition, and information for outputting the data to OFC 40 is specified as the processing when the condition is satisfied. For switches 32 and 33, converter 41 generates an access control list suitable for communication conforming to Netconf and an access control list suitable for communication conforming to SNMP, respectively.
Fig. 7 is a diagram showing the processing, executed by the converter, of creating the flow table and access control lists according to the 2nd embodiment of the present invention. Converter 41 reads the white list WL and device list DL from the memory (step S30). Converter 41 then judges whether a flow table or access control list has been created for all devices (all OFSs and switches) (step S31). If a flow table or access control list has been created for all devices (all OFSs and switches), converter 41 ends the processing of this flowchart.
If, on the other hand, a flow table or access control list has not yet been created for all devices (all OFSs and switches), converter 41 determines the type of a device for which no flow table or access control list has been created (step S32). If the device type supports OpenFlow, converter 41 creates a flow table for the OpenFlow device (step S33). If the device type supports Netconf, converter 41 creates an access control list for the Netconf device (step S34). If the device type supports SNMP, converter 41 creates an access control list for the SNMP device (step S35). Converter 41 repeats the processing of steps S31 to S35 until a flow table or access control list has been created for all devices.
Communication unit 42 supports the OpenFlow protocol. Communication unit 42 communicates with OFS 31 and sets the temporary flow table TB0 generated by converter 41 in OFS 31. Communication unit 43 supports Netconf. Communication unit 43 carries out communication conforming to Netconf with switch 32 and sets the access control list generated by converter 41 in switch 32. Communication unit 44 supports SNMP. Communication unit 44 carries out communication conforming to SNMP with switch 33 and sets the access control list generated by converter 41 in switch 33. For ease of understanding, Fig. 6 shows communication units 42 to 44 separately for each of these protocols, but communication units 42 to 44 may also be merged into one.
In the data communication system 2 configured as above, the network administrator first creates the white list WL and device list DL. Then, on an instruction from the network administrator, converter 41 reads the white list WL and device list DL from the memory and generates a flow table suitable for OFS 31 and access control lists suitable for switches 32 and 33. Communication unit 42 then communicates with OFS 31 and sets the flow table generated by converter 41 in OFS 31. Communication units 43 and 44, for their part, communicate with switches 32 and 33, respectively, and set the access control lists generated by converter 41 in switches 32 and 33.
As described above, in the present embodiment, the flow table suitable for OFS 31 and the access control lists suitable for switches 32 and 33 are created automatically based on the white list WL and device list DL. Thus, even when OFS 31 conforming to the OpenFlow standard and switches 32 and 33 not conforming to the OpenFlow standard are used together in one network, the network administrator need only manage the white list WL and device list DL, and management does not become cumbersome.
The white list WL that the network administrator must manage defines abstract content, such as the addresses of the transmission source and transmission destination, that does not depend on the specific structure of the network.
Therefore, as in the 1st embodiment, even if the network administrator does not know the specific structure of the network in advance, strict white-list-style transfer control can be carried out in a timely manner.
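The conversion loop of Fig. 7 (steps S30 to S35) can be sketched as follows. This is an added example, not code from the patent: the white list entries, the device identifiers and the output layouts (the XML element names for the Netconf device and the row tuples for the SNMP device) are hypothetical and do not correspond to any real YANG model or MIB. The sketch also assumes that each generated access control list ends with an explicit deny rule, and that a device of an unknown type is reported as an error so that no device is left without a policy.

```python
import xml.etree.ElementTree as ET

# Constructed white list WL: abstract conditions only, no ports or topology.
WHITELIST = [
    {"src": "H1", "dst": "H2", "proto": "udp", "dport": 53},
    {"src": "H1", "dst": "H2", "proto": "tcp", "dport": 443},
]

# Constructed device list DL: identifier and protocol of each device.
DEVICE_LIST = [
    {"id": "OFS31", "protocol": "openflow"},
    {"id": "SW32", "protocol": "netconf"},
    {"id": "SW33", "protocol": "snmp"},
]


def validate(rule):
    """Reject malformed white list entries before any policy is generated."""
    if not rule.get("src") or not rule.get("dst"):
        raise ValueError(f"missing source or destination: {rule!r}")
    if rule.get("proto") not in ("tcp", "udp"):
        raise ValueError(f"unsupported protocol: {rule!r}")
    if not 0 < int(rule.get("dport", 0)) < 65536:
        raise ValueError(f"port out of range: {rule!r}")
    return rule


def make_flow_table(rules):
    """S33: temporary flow table, condition -> output the data to the OFC."""
    return [{"id": i, "match": dict(r), "action": "CONTROLLER"}
            for i, r in enumerate(rules, 1)]


def make_netconf_acl(rules):
    """S34: ACL as an XML document (hypothetical element names)."""
    acl = ET.Element("acl")
    for seq, r in enumerate(rules, 1):
        rule = ET.SubElement(acl, "rule", seq=str(seq), action="permit")
        for key in ("src", "dst", "proto", "dport"):
            ET.SubElement(rule, key).text = str(r[key])
    # White-list semantics: everything not permitted above is denied.
    ET.SubElement(acl, "rule", seq=str(len(rules) + 1), action="deny")
    return ET.tostring(acl, encoding="unicode")


def make_snmp_acl(rules):
    """S35: ACL as table rows to be written one by one (hypothetical layout)."""
    rows = [(seq, "permit", r["src"], r["dst"], r["proto"], r["dport"])
            for seq, r in enumerate(rules, 1)]
    rows.append((len(rules) + 1, "deny", "any", "any", "any", 0))
    return rows


GENERATORS = {
    "openflow": make_flow_table,
    "netconf": make_netconf_acl,
    "snmp": make_snmp_acl,
}


def convert(whitelist, device_list):
    rules = [validate(r) for r in whitelist]          # S30: read WL and DL
    generated = {}
    for device in device_list:                        # S31: until all are done
        generator = GENERATORS.get(device["protocol"])  # S32: device type
        if generator is None:
            raise ValueError(f"no generator for device {device['id']!r}")
        generated[device["id"]] = generator(rules)    # S33 to S35
    return generated


if __name__ == "__main__":
    for device_id, policy in convert(WHITELIST, DEVICE_LIST).items():
        print(device_id, policy)
```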
[the 3rd embodiment]
Fig. 8 is a block diagram showing the main configuration of the OFS used in the data communication system according to the 3rd embodiment of the present invention. OFS 50 used in the data communication system of the present embodiment can perform both data transfer processing based on a flow table TB and data filtering processing based on an access control list ACL (a so-called hybrid configuration). In the data communication system of the present embodiment, as with OFC 40 shown in Fig. 6, the OFC can create the flow table TB and access control list ACL based on the white list WL and so on.
As shown in Fig. 8, OFS 50 has filter unit 51, transfer unit 52, filter unit 53, memory 54, communication unit 55, and communication unit 56. Filter unit 51 is provided upstream of transfer unit 52. Filter unit 51 filters the data input to transfer unit 52 with reference to the access control list ACL stored in memory 54. Transfer unit 52 performs transfer processing of the data that has passed through filter unit 51 with reference to the flow table TB stored in memory 54. Filter unit 53 is provided downstream of transfer unit 52. Filter unit 53 filters the data output from transfer unit 52 with reference to the access control list ACL stored in memory 54. Either of filter units 51 and 53 may be omitted.
Memory 54 stores the access control list ACL referenced by filter units 51 and 53 and the flow table TB referenced by transfer unit 52. The access control list ACL stored in memory 54 is the same as the access control list suitable for switch 32 of the 2nd embodiment, and the flow table TB stored in memory 54 is the same as the flow table suitable for OFS 31 of the 2nd embodiment (see Fig. 6).
Communication unit 55 supports the OpenFlow protocol. Communication unit 55 communicates with the OFC (not illustrated) and stores the flow table TB generated by the OFC (the temporary flow table TB0 shown in Fig. 2) in memory 54. Communication unit 56 supports Netconf and SNMP. Communication unit 56 communicates with the OFC (not illustrated) and stores the access control list ACL generated by the OFC in memory 54. As in the 2nd embodiment, communication units 55 and 56 may be merged into one.
In the present embodiment too, as in the 2nd embodiment, the network administrator first creates the white list WL and so on. On an instruction from the network administrator to the OFC (not illustrated), the flow table TB and access control list ACL are each generated based on the white list WL and so on. Communication units 55 and 56 of OFS 50 then communicate with the OFC (not illustrated), and the flow table TB and access control list ACL generated by the OFC (not illustrated) are stored in memory 54 of OFS 50. Filter units 51 and 53 of OFS 50 filter the data with reference to the access control list ACL stored in memory 54. Transfer unit 52 of OFS 50, for its part, performs transfer processing of the data with reference to the flow table TB stored in memory 54.
As described above, in the present embodiment, transfer unit 52 of OFS 50 performs transfer processing based on the flow table TB, which is created based on the white list WL and so on. In addition, filter units 51 and 53 of OFS 50 perform filtering processing based on the access control list ACL, which is likewise created based on the white list WL and so on. Thus, even when the hybrid OFS 50 is connected to the network, the network administrator need only manage the white list WL and device list DL, and management does not become cumbersome. OFS 50 can perform access control by using any one of filter unit 51, transfer unit 52, and filter unit 53.
In the present embodiment too, the white list WL that the network administrator must manage defines abstract content, such as the addresses of the transmission source and transmission destination, that does not depend on the specific structure of the network. Therefore, as in the 2nd embodiment, even if the network administrator does not know the specific structure of the network in advance, strict white-list-style transfer control can be carried out in a timely manner.
[variation]
<1st variation>
In general, a flow table conforming to the OpenFlow standard has a validity period (lifetime), that is, a period during which it can be used. For the temporary flow table TB0 and flow tables TB1 and TB2 used in the 1st to 3rd embodiments described above, OFC 20 and 40 may set either a finite validity period or an unlimited validity period.
When OFC 20 or 40 sets a finite validity period, OFC 20 or 40 automatically deletes the flow table once the validity period expires. This prevents situations such as the network administrator forgetting to delete a flow table whose validity period has passed, and therefore improves security. In contrast, when OFC 20 or 40 sets an unlimited validity period, the flow table is not deleted unless the network administrator issues a deletion instruction. This prevents a flow table from being deleted without the network administrator being aware of it, so flow tables can be managed explicitly according to the network administrator's intent.
<2nd variation>
In the 1st to 3rd embodiments described above, a timer may be provided in OFC 20, 40, or the like, so that the processing of setting the temporary flow table TB0 in OFS 11, 12, 31, 50, and so on (the processing of step S10 in Fig. 4) or the processing of deleting the temporary flow table TB0 that has been set is performed automatically according to a predefined schedule. This allows communication via the network only during a specific period, or allows communication via the network temporarily, and therefore improves security.
<3rd variation>
Fig. 9 is a diagram showing a variation of the OFS used in the data communication system according to the embodiments of the present invention. As shown in Fig. 9, OFS 60 has transfer unit 61 and multiple physical ports P1 and P2. OFS 60 performs data transfer processing with reference to a flow table stored in a memory (not illustrated). Transfer unit 61 is the same as transfer unit 52 shown in Fig. 8. Fig. 9 shows an OFS 60 with two physical ports P1 and P2, but the number of physical ports provided in OFS 60 is arbitrary.
Multiple queues Q1 to Q3 are provided on physical ports P1 and P2 of OFS 60. A different bandwidth can be allocated to each of queues Q1 to Q3.
To allocate a queue to a specific data flow, it is necessary to determine the physical port that outputs the flow and to specify which of the multiple queues set on that physical port is to be allocated.
In the embodiments described above, as explained with reference to Fig. 4, when path information indicating the path through the network is obtained, the temporary flow table TB0 (see Fig. 2), which does not specify a physical port, is updated to flow tables TB1 and TB2 (see Fig. 3), in which the physical port is determined. Therefore, in this variation, it suffices to specify in advance, in the white list WL of the OFC or the like, the bandwidth of each data flow to which bandwidth is to be allocated, and then, when the path information indicating the path through the network is obtained and the temporary flow table TB0 is updated, to determine the physical port and select the queue.
Where the data flows and the bandwidth to be used can be set, it is preferable to verify whether the settings conform to the network operation policy. For example, when the processing of step S10 shown in Fig. 4 (the processing in which OFC 20 sets the temporary flow table TB0 in OFS 11 and 12) is performed, it is preferable for the network administrator to verify whether the user who uses the temporary flow table TB0 has usage authority. Therefore, when the processing of step S10 shown in Fig. 4 is performed, it is preferable to query a server that has an AAA function (Authentication, Authorization, Accounting). This makes it possible to authenticate the person performing the setting and the devices, manage authority, record accounting information, and so on.
OFC 20 and OFC 40 according to the above embodiments each contain a computer system. The procedures of each process of OFC 20 and OFC 40 described above are stored, in the form of one or more programs, on a non-transitory computer-readable storage medium. The various processes described above are carried out by a computer reading and executing the one or more programs. A non-transitory computer-readable storage medium here means a magnetic disk, a magneto-optical disk, a CD-ROM, a DVD-ROM, a semiconductor memory, or the like. The one or more programs may also be delivered to a computer over a communication line, and the computer that receives the delivery may execute the one or more programs.
The data communication system, data transfer method, control device, control method, and non-transitory computer-readable storage medium according to the embodiments of the present invention have been described above, but the present invention is not limited to the above embodiments and may be freely modified within the scope of the present invention.
For example, the 1st embodiment described above assumed that network N1 shown in Fig. 1 is a network using the IPv4 protocol, and described an example in which ARP is used to obtain the path information indicating the path between hosts H1 and H2. However, the present invention can also be applied where network N2 is a network using the IPv6 protocol. In such a network, the Neighbor Discovery protocol can be used to obtain the path information indicating the path between hosts H1 and H2. The above embodiments were described taking conformance to the OpenFlow standard as an example, but the present invention can also be used where other equipment that implements SDN (Software-Defined Network) has the same limitations as OpenFlow.
In this specification, words indicating direction, such as "front, rear, up, down, vertical, horizontal, below, lateral, row, and column", refer to those directions in the device of the present invention. These words in the specification of the present invention should therefore be interpreted relative to the device of the present invention.
The word "configured" means being constituted so as to carry out the function of the present invention, or is used to indicate a structure, element, or part of a device.
In addition, words expressed as "means-plus-function" in the claims should include every structure that can be used to carry out the function included in the present invention.
The word "unit" is used to indicate a structural element, a unit, hardware, or a part of software programmed to carry out the desired function. Typical examples of hardware are devices and circuits, but hardware is not limited to these.
Preferred embodiments of the present invention have been described above, but the present invention is not limited to these embodiments. Additions, omissions, substitutions, and other changes to the structure are possible without departing from the gist of the present invention. The present invention is not limited by the foregoing description and is limited only by the appended claims.

Claims (10)

1. A process control system that performs operation control of a plant and comprises a data communication system that transfers data sent from a transmission source to a transmission destination,
the data communication system comprising:
one or more switches that transfer data from a transmission source to a transmission destination with reference to a table in which 1st information is associated with 2nd information, and that are provided between level 3 and level 4 as defined by the international standard IEC/ISO 62264, or within level 3, wherein the 1st information indicates a condition defined for the information relating to the transmission destination and the transmission source in received data, and the 2nd information indicates the communication port of the switch itself from which the received data is output only when the condition is satisfied; and
a control device that, when the path between the transmission source and the transmission destination is unknown, sets a temporary table in the switch, the temporary table storing the 2nd information for outputting data that satisfies the condition indicated by the 1st information to the control device, and that, when path information indicating the path between the transmission source and the transmission destination is obtained, updates the temporary table to a table in which the 1st information and the 2nd information have been changed based on the path information,
wherein the switch and the control device conform to the OpenFlow standard or to another standard having the same limitations as the OpenFlow standard,
the control device comprising:
a condition list that defines the conditions for transfer control of data from the transmission source to the transmission destination; and
a generating unit that uses the condition list to generate the temporary table to be set in the switch conforming to the OpenFlow standard and an access control list to be used in a non-standard switch that does not conform to the OpenFlow standard.
2. The process control system according to claim 1, wherein
The control device updates the interim table at the timing at which the control device obtains the path information, or at the timing at which the transmission source first sends data to the transmission target after the control device has obtained the path information.
3. The process control system according to claim 1, wherein
The control device sets a priority for the table set in the interchanger,
The control device updates the interim table to a table that is given a higher priority than the priority set for the interim table.
4. The process control system according to claim 1, wherein
The control device sets a limited lifetime or an unlimited lifetime for the table used in the interchanger or for the interim table.
5. The process control system according to claim 1, wherein
The control device performs, according to a predefined schedule, at least one of setting the interim table in the interchanger and deleting the interim table.
6. The process control system according to claim 1, wherein
The interchanger has, at each port, multiple queues with different bandwidths,
In the case where the interim table has been updated, the interchanger selects the queue for each port.
7. A data transferring method for transmitting data sent from a transmission source to a transmission target in a process control system that performs operation control of a workshop,
In the data transferring method,
Using a control device, an interim table is set in one or more interchangers that transmit data from the transmission source to the transmission target, the interim table associating 1st information with 2nd information, wherein the 1st information indicates a defined condition against which the information relating to the transmission target and the transmission source in received data is checked, and the 2nd information indicates the communication port of the interchanger itself from which the received data is output only in the case where the condition is met,
Using the control device, path information indicating the path between the transmission source and the transmission target is obtained,
Using the control device, the interim table is updated to a table in which the 1st information and the 2nd information are changed based on the path information,
Using the control device, from a condition list that defines the conditions for transmission control of data from the transmission source to the transmission target, the interim table set in the interchanger conforming to the OpenFlow standard and an access control list used in a non-standard interchanger not based on the OpenFlow standard are generated,
The interchanger is arranged between the level-2 hierarchy and the level-3 hierarchy defined by international standard IEC/ISO 62264, or is set between the level-3 hierarchy and the level-4 hierarchy, or is set in the level-3 hierarchy.
8. The data transferring method according to claim 7, wherein
The control device updates the interim table at the timing at which the path information is obtained, or at the timing at which data is first sent from the transmission source to the transmission target after the path information has been obtained.
9. The data transferring method according to claim 7, wherein
Using the control device, a priority is set for the table set in the interchanger,
Using the control device, the interim table is updated to a table that is given a higher priority than the priority set for the interim table.
10. The data transferring method according to claim 7, wherein
Using the control device, a limited lifetime or an unlimited lifetime is set for the table used in the interchanger or for the interim table.
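As an added illustration (not code from the patent or from its assignee), the sketch below models the behaviour the claims describe: one condition list generates both an interim table that outputs matching data to the control device and an access control list for a non-standard interchanger, and once the path is learned a higher-priority entry with its own lifetime takes over. All names, the addresses, the tuple form of the ACL and its final deny line are assumptions made for the example.

```python
from dataclasses import dataclass

CONTROLLER = "CONTROLLER"  # pseudo-port: output the data to the control device

@dataclass(frozen=True)
class Condition:           # 1st information: transmission source/target to match
    src: str
    dst: str

@dataclass
class Entry:               # one table row: 1st information -> 2nd information
    match: Condition
    out_port: object       # 2nd information: CONTROLLER or a switch port number
    priority: int
    lifetime_s: int        # 0 means unlimited lifetime (claim 4)

def generate(conditions, priority=10, lifetime_s=60):
    """Generating unit: one condition list yields the interim table and an ACL."""
    interim = [Entry(c, CONTROLLER, priority, lifetime_s) for c in conditions]
    acl = [("permit", c.src, c.dst) for c in conditions]
    acl.append(("deny", "any", "any"))  # assumption: unlisted traffic is refused
    return interim, acl

def lookup(table, src, dst):
    """Switch side: highest-priority match wins; no match means no output."""
    hits = [e for e in table if e.match == Condition(src, dst)]
    return max(hits, key=lambda e: e.priority).out_port if hits else None

def on_path_learned(table, cond, port, lifetime_s=0):
    """Control device: add a higher-priority entry naming the learned port."""
    old = next(e for e in table if e.match == cond and e.out_port == CONTROLLER)
    table.append(Entry(cond, port, old.priority + 1, lifetime_s))

def expire(table, elapsed_s):
    """Keep only entries whose lifetime is unlimited or not yet used up."""
    return [e for e in table if e.lifetime_s == 0 or e.lifetime_s > elapsed_s]

def demo():
    cond = Condition("10.0.3.10", "10.0.4.20")  # constructed addresses
    table, acl = generate([cond])
    before = lookup(table, cond.src, cond.dst)       # path unknown
    on_path_learned(table, cond, port=3)
    after = lookup(table, cond.src, cond.dst)        # path known
    unlisted = lookup(table, "10.0.3.99", cond.dst)  # not in condition list
    remaining = [e.out_port for e in expire(table, elapsed_s=120)]
    return before, after, unlisted, remaining, acl

if __name__ == "__main__":
    print(demo())
```

In this model the interim entry is superseded rather than overwritten, so it disappears only when its limited lifetime runs out; that is one reading of "updated", chosen for the example.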
CN201510514811.8A 2014-08-27 2015-08-20 Data communication system and data transferring method Active CN105391628B (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2014173153A JP2016048854A (en) 2014-08-27 2014-08-27 Data transfer system and method
JP2014-173153 2014-08-27

Publications (2)

Publication Number Publication Date
CN105391628A CN105391628A (en) 2016-03-09
CN105391628B true CN105391628B (en) 2018-11-27

Family

ID=53900735

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510514811.8A Active CN105391628B (en) 2014-08-27 2015-08-20 Data communication system and data transferring method

Country Status (4)

Country Link
US (1) US10104014B2 (en)
EP (1) EP2991272B1 (en)
JP (1) JP2016048854A (en)
CN (1) CN105391628B (en)


Also Published As

Publication number Publication date
US20160065501A1 (en) 2016-03-03
EP2991272B1 (en) 2018-09-26
JP2016048854A (en) 2016-04-07
CN105391628A (en) 2016-03-09
US10104014B2 (en) 2018-10-16
EP2991272A1 (en) 2016-03-02


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant